Vulnerability Details CVE-2024-28826
Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.6%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2024-28826
-
cpe:2.3:a:checkmk:checkmk:1.2.3
-
cpe:2.3:a:checkmk:checkmk:1.2.4
-
cpe:2.3:a:checkmk:checkmk:1.2.5
-
cpe:2.3:a:checkmk:checkmk:1.2.6
-
cpe:2.3:a:checkmk:checkmk:1.2.7
-
cpe:2.3:a:checkmk:checkmk:1.2.8
-
cpe:2.3:a:checkmk:checkmk:1.4.0
-
cpe:2.3:a:checkmk:checkmk:1.5.0
-
cpe:2.3:a:checkmk:checkmk:1.6.0
-
cpe:2.3:a:checkmk:checkmk:1.6.4
-
cpe:2.3:a:checkmk:checkmk:2.0.0
-
cpe:2.3:a:checkmk:checkmk:2.1.0
-
cpe:2.3:a:checkmk:checkmk:2.2.0
-
cpe:2.3:a:checkmk:checkmk:2.3.0